Open Letter - Call for major websites to opt out of Phorm

Open letter, sent to Chief Privacy Officers or equivalent at:

We are writing this open letter to you to ask you if you will act to protect your users' privacy.

We are asking you to exercise your ability to opt out of the Phorm system, that is planned to be rolled out in the near future under the "Webwise" brand by BT, Virgin and TalkTalk, the three largest UK ISPs.

You may already be aware of the very significant concerns being expressed by many of your UK Internet customers about the interception and processing of their data whenever it is viewed by customers whose ISPs deploy the Phorm/Webwise system.

This was recently highlighted in a widely reported meeting held in Parliament, hosted by Baroness Miller, at which Sir Tim Berners-Lee, the inventor of the World Wide Web, made a firm stand against technologies which 'snoop' on the Internet, because of the highly sensitive nature of those communications.

Further demonstrations of the worries about Phorm include over 21,000 members of the public signing a petition against Phorm’s deployment:

We believe that many of your customers will feel exactly the same way. They may be using other Internet providers, but the information they put on your website may well be viewed by them as personal, and they will not wish it to be read and stored by third party technologies.

Even where your customers are using Phorm / Webwise ISPs, we are entirely unconvinced that the information they are given will ensure that they give 'informed consent' to the processing of all the data they send to and receive from your website.

Additionally, you may have concerns of your own; that a third party will be processing the contents of your website, without asking your permission, in order to construct profiles of your customers.

You may already be aware of our view that the Phorm / Webwise system is illegal. Communications cannot be lawfully intercepted, as this system does, without the informed consent of both the sender and receiver. The system will make copies of copyright material without permission, a further unlawful activity. Also, by forging extra 'tracking' cookies in your name, it may well bring your own system into disrepute.

We strongly believe that it is clearly in your company's interest, it is in the interests of all of your customers, and it will serve to protect your brand's reputation, if you insist that the Phorm/Webwise system does not process any data that passes to or from your website.

You may well wish to reserve the right to take legal action on your own account. However, Phorm have announced an alternative and relatively simple way of taking action, in that it is possible to "opt out" of their system by simply sending an email to website-exclusion at webwise.com.

While we recognise that an "opt-out" is an entirely second-rate way of dealing with this problem, we would strongly urge you to take advantage of it, in order to immediately reduce the risk of harm to your company and to your customers.

Making your decision public will provide reassurance to your customers, and will help them retain confidence in your brand, as well as in the integrity of the Internet as a whole.

We therefore strongly urge you to exercise your ability to "opt out" as soon as possible, and declare publicly to us and to your customers that data sent to and from your website will not be snooped upon by the Phorm/Webwise system.

Comments (34)

We are constantly reminded that piracy causes the British industry millions each day.

We are constantly reminded about Data protection each day, which incidentally I agree with, why then is this company allowed to proceed.!!!

The public have expressed concerns around web technology lately and here I am thinking of the new Google offering which can show you the vision of your house allbeit with certain parts omitted. I use the same arguement here that in the wrong hands this technology can be very dangerous whether this is Google or Phorm.

Piracy on software is rife how does anyone know whether Phorm hasnt already been pirated? How does anyone know this isnt already in use?? the answer is WE DONT!!

Thats the issue and jerein lies the problem. If this goes ahead there will be public outcry and the paying public may decide that they can live without WWW .

[...] Despite the question marks over “Webwise’s” legal status, Phorm wants to press ahead with its implementation. So the Open Rights Group wrote to some of the largest websites out there asking them to opt-out of the “Webwise” .... [...]

Is it not obscenely fraudulent that these data pirates are needlessly coupling two entirely unrelated services (phishing protection vs. behavioural targetted advertising)? And that you are forced to accept one if you want the other? This side of the issue seems not to have been much commented on.

The best analogy I can think of is that before a security firm will install a burglar alarm they mandate you give them of a copy of your front door key so they can see what stuff you have in your house when they feel like it in future. (Oh, and they fail to point out that you house already has an alarm system installed.)

Thank you very much for your excellent work. I am one of those ginny pigs in the 2006 BT trials. I switched ISP providers and was charged over £200 for ending my contract with BT... it is sad we have to pay to be free, but it is even worse nobody seems to care...

[...] for Amazon’s opt-out from Phorm. The London-based Open Rights Group last month sent an open letter to many of the major technology companies, including Google, Yahoo, Microsoft, Amazon and eBay, [...]

This is not just a consumer privacy issue.
It also steals ad revenues from websites by replacing them with its own ads
and gives a third party the same retail data that major websites use to tailor pages to consumers and hence gain competitive advantage.

Of course major website want to opt out, they would be daft not to, for them its theft.

[...] who run Wikipedia amongst other things) and Amazon have opted out, and the Open Rights Group has written to others like Yahoo, eBay and Microsoft, urging them to do the same. Even the Privacy Officer of [...]

There is a new petition that seems very specific about the unacceptable part (to me) of Phorm. Aswell as showing how many people signed the old one would it not be worth publicising the new specific message "Keep out of our ISPs!"

For those people new to this discussion or those who think Phorm does nothing to interfere with privacy, visit tobymeres.net where there is unedited footage of the public meeting about Phorm taken in April last year. You will see Dr Richard Clayton and Alexander Hanff explain exactly whhy Phorm's Webwise "product" is illegal. You will also see Kent Ertegrul fail to answer those points in any convincing way. You will also note that the "official" footage recorded by 80/20 Thinking has yet to appear.

If Phorm is so wonderful and has nothing to hide then where is the legal opinion disproving the arguments about its legality? Why did Phorm use PR agencies to try and belittle those who discussed opposing Phorm in forums? Why does Phorm use its legal people to try and intimidate those who post publicly available information about the company?

In no way should you be asking people to opt out of Phorm by using the method they suggest. It is Phorm and BT who are in the wrong and legitimizing their process of opting out is IMHO wrong. The law states that this system must be opt in and the pressure should be put on Phorm / BT to make sure they comply with the law.

With the exception of the first of those sites, which doesn't carry advertising per se, I am surprised that this letter makes no mention of what will really impact these companies: the possible effect of Phorm on their bottom line. Not only will their sites and their users be getting profiled, but the advertisements which they place on their sites *in order to fund their activities* will be getting over-written (against their wishes) and replaced by adverts the income of which will benefit Phorm and the ISPs concerned.

This letter appeals to the principles of data security, but the loss of display and click-through income from advertising will hit the finance base of many sites and is, in my opinion, a far more important reason for websites to want to see Phorm stopped before it fully starts.

@Mark Keenan. The difficulty with Phorm (and that which distinguishes it from the efforts of google and others) is that a private channel of communication between website and browser is being intercepted and the content stored. That represents a straightforward breach of privacy and should only be done with express consent.

There are many ways to carry out useful and targeted behavioural advertising. Amazon does it all the time to me, but amazon does not feel the need to listen in to private communications to do that, it simply uses the information I freely give it on its website. I don't have to do that and can opt out in various transparent ways.

Phorm and other deep packet inspection techniques are different. Referring to "luddites" does not really help forward the debate.

Phorm does nothing to affect privacy in any way. It is simply behavioural targeting and allows the advertiser to set up a campaign based on generic preferences gained from the ISP data. It is no threat to an individual and the luddites should actually tell the truth about what this does and not try and scare the public with disimformation.

"You may already be aware of the very significant concerns being expressed by many of your UK Internet customers about the interception and processing of their data whenever it is viewed by customers whose ISPs deploy the Phorm/Webwise system."

I for one haven't heard such concerns. Is there somewhere I can read about them? This open letter is a bit short on detail about the system in question, and I don't see any relevant links here on this page.

Just shows how desperate all the antis now are - resorting to having to beg the likes of Google to help preserve privacy !! Might as well ask McDonalds to help ban the eating of meat !

'tis good to see the antis stooping so low, they are in total disarray as shown on their website where they all now advocate personal vendettas on Phorm staff. They have turned back into a most unsavoury bunch.

[...] for Information Policy Research, and prominent privacy advocates Alexander Hanff and Pete John, have written to Microsoft, Google/YouTube, Facebook, AOL/Bebo, Yahoo, Amazon, and eBay to win support for a [...]

Insstead of Phorm, perhaps we should all get a personal robot. It will be briliant, it willkeep the house clean, wash the car, do your work. It will follow us around, see what we buy, what films we watch, what we eat, when we exercise, when we sleep. It can then whisper little things in our ear, coca cola is cheap today, time to wake up HMV just opened. When the adverts come on the telly it will change the channel so you can't watch the ones that aren't being provided by the robot's supplier, and it will send all this information back - but hey it's ok, no one knows which robot is yours.

Francis, you also miss an important point — we're not luddites. The board and the Advisory Council (of which I am a member) of the Open Rights Group include people like Richard Clayton, Tom Coates, Alan Cox, Cory Doctorow, Ben Hammersley, Desirée Miloshevic, Danny O'Brien and Jonathan Zittrain. To suggest we're one big bunch of luddites is simply ridiculous and suggests a complete lack of understanding.

But Francis is right — the other problem is that this isn't good for the advertisers either. My day job is at an ad agency; I'm not some anti-advertising nut who thinks behavioural advertising is an evil invasion of my privacy. Au contraire: I think it's a concept that has the potential to benefit both advertisers and consumers.

But Phorm are going about everything the wrong damn way. Advertising is all about building up trust between a brand and their customers. Deep packet inspection without consent — from either party involved in the communication — is not only completely the wrong way to build that trust, but is also likely to be illegal under the Regulation of Investigatory Powers Act.

Openness, honesty and transparency are how to build your customers' trust in your brand. Intercepting their communications to futz with them really isn't. Advertisers should steer clear of Phorm like it were the plague.

Open Rights Group exists to preserve and promote your rights in the digital age. We are funded by thousands of people like you. We are based in London, United Kingdom. Open Rights is a non-profit company limited by Guarantee, registered in England
and Wales no. 05581537.